Setting Up Your Twitter App

On your application management interface, be sure to add a callback URL in the field. It doesn't matter too much what URL you stick in here, so long as you update your `manifest.json` file to include that domain for when you inject your content script.

This will let Twitter know which app is trying to authenticate when the user kicks off the oauth process.

Updating your manifest.json file

Your `manifest.json` file tells Chrome everything it needs to know about your extension, including permissions and which scripts to inject on which sites.

First, let's set the permissions. This is an array that tells Chrome what your extension can and cannot do:

tabs: for opening a new tab when we start the oauth process that directs users to their twitter login screen

storage: for saving tokens to `chrome.storage.local`

https://api.twitter.com/*: we need to make requests to this endpoint for the oauth process

"permissions": [
"tabs",
"storage",
"https://api.twitter.com/*"
]

Next, let's define how our content scripts are used. You need to have `js/session.js` load on https://andyjiang.com/*, because when Twitter redirects the user to that domain provided in the callback URL, `js/session.js` will parse the tokens from the query string and send it to your `js/background.js` file.